From 8ab8c1a4698c138b6985e9640edbc7cf318f37a1 Mon Sep 17 00:00:00 2001
From: Qualys Security Advisory <qsa@qualys.com>
Date: Thu, 1 Jan 1970 00:00:00 +0000
Subject: [PATCH] top: Prevent integer overflows in config_file() and
 other_selection().

---
 top/top.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/top/top.c b/top/top.c
index 8090e97c..7eb1c660 100644
--- a/top/top.c
+++ b/top/top.c
@@ -3797,6 +3797,9 @@ error Hey, fix the above fscanf 'PFLAGSSIZ' dependency !
       size_t lraw = strlen(Inspect.raw) +1;
       char *s;
 
+      if (i < 0 || (size_t)i >= INT_MAX / sizeof(struct I_ent)) break;
+      if (lraw >= INT_MAX - sizeof(fbuf)) break;
+
       if (!fgets(fbuf, sizeof(fbuf), fp)) break;
       lraw += strlen(fbuf) +1;
       Inspect.raw = alloc_r(Inspect.raw, lraw);
@@ -4644,6 +4647,9 @@ static void other_selection (int ch) {
          , inc ? N_txt(WORD_include_txt) : N_txt(WORD_exclude_txt)));
       return;
    }
+   if (Curwin->osel_prt && strlen(Curwin->osel_prt) >= INT_MAX - (sizeof(raw) + 6)) {
+      return;
+   }
    osel = alloc_c(sizeof(struct osel_s));
    osel->inc = inc;
    osel->enu = enu;